Category Archives: Linux

AES Zip archives with 7zip 7za on RHEL 6


Mortgage Madness

I refinanced again–once again with no closing costs while sacrificing some on the rate.  Interest rates are again at historic lows which meant I had to take advantage of two great opportunities–lowering my rate by three quarters of a percentage and shortening the length of my loan to a 15 year term.  With no out of pocket costs involved (or closing costs financed), there was nothing to lose.

The upside is that I keep making the same payment I’ve always made and more money goes to driving the principal balance to zero because of the lower rate and shorter duration of the loan.  Two great sites I found for following rates and the mortgage process are:

Collecting and Sending all those statements

Usually I rely on my tried and true fax machine, but this time I decided it was time to join the rest of the world and managed to collect everything as PDFs. After gathering them all in a folder I realized I didn’t want to send them unencrypted over the wire.

Next I searched for a way to zip all the files and lock the archive with a password that couldn’t easily be hacked, while keeping the archive readable on Windows. From what I could find on Google, the regular Linux zip password protection algorithm was not secure, however encrypting with AES was.

I discovered that 7zip could do strong AES encryption and store in a zip format–presumably most Windows users (and my loan officer) would be able to read the archive, however the instructions I found to do so were horrible.

After Google failed me I turned to the powerhouse of Red Hat engineers on an internal list… and in less than 24 hours I had a solid answer–thank you Norman Mark St. Laurent!  There is very little coherent information on Google about using 7zip with RHEL–the package names are confusing, the man pages are incomplete, and none of the examples I found for other platforms worked.  This post aims to remedy that.

Creating an AES encrypted archive with RHEL 6 and 7zip

1) Make sure EPEL (Extra Packages for Enterprise Linux) is enabled

2) Install the 7zip package (note the package name is not the same as the executable).

$ su -c 'yum install p7zip'

3) Create an encrypted archive readable by WinZip.

$ 7za a -y -tzip -pMY_PASSWORD -mem=AES256 archive-name.zip /path/to/directory-of-files
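
Added example, not from the original post: passing the password as `-pMY_PASSWORD` leaves it in shell history and in the process list while 7za runs, whereas a bare `-p` makes 7za prompt for it. The function below reads `7za l -slt archive-name.zip` output and prints every file entry that is not AES-256 encrypted; the sample listing is constructed, and the field names are assumed to match p7zip's technical listing.

```shell
#!/bin/sh
# Added example: list zip entries that are not AES-256 encrypted.
# Input: the technical listing from  7za l -slt archive-name.zip
# Assumption: field names (Path, Folder, Encrypted, Method) follow
# p7zip's -slt output for zip archives.
weak_entries() {
    awk '
        function report() {
            # Directories hold no data, so only file entries are judged.
            if (path != "" && folder != "+" && !(enc == "+" && method ~ /^AES-256/))
                print path
            path = ""; folder = ""; enc = ""; method = ""
        }
        # Skip the archive-level block that precedes the entry list.
        !started        { if ($0 == "----------") started = 1; next }
        /^Path = /      { report(); path = substr($0, 8) }
        /^Folder = /    { folder = substr($0, 10) }
        /^Encrypted = / { enc = substr($0, 13) }
        /^Method = /    { method = substr($0, 10) }
        END             { report() }
    '
}

# Constructed sample listing (not real tool output).
sample_listing() {
    cat <<'EOF'
Listing archive: archive-name.zip

--
Path = archive-name.zip
Type = zip

----------
Path = statements
Folder = +
Encrypted = -
Method = Store

Path = statements/bank.pdf
Folder = -
Encrypted = +
Method = AES-256 Deflate

Path = statements/legacy.pdf
Folder = -
Encrypted = +
Method = ZipCrypto Deflate

Path = statements/readme.txt
Folder = -
Encrypted = -
Method = Deflate
EOF
}

# Real use:  7za l -slt archive-name.zip | weak_entries
sample_listing | weak_entries
```

The zip format encrypts file contents only, so the file names inside the archive stay readable without the password.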

Image by Alexander Stielau via flickr used under a Creative Commons license.

Try Out OpenShift Today

I couldn’t be prouder of today’s OpenShift (PAAS–Platform as a Service) cloud announcement by Red Hat. It’s not often that you get to be project manager on a release this big or exciting. It was a massive team effort involving many smart and driven people at Red Hat and it was inspiring to work alongside them.

If you’re looking for a free place to host your unmodified PHP, Ruby, or Python application, look no further than OpenShift Express.  See the OpenShift site for more information about Express and the other offerings.

This is the culmination of one of the roles I assumed after transitioning from Fedora in November 2010.  Another project I took on will also soon release in Red Hat Enterprise Linux 6.1. It is an elegant, comprehensive certificate based system for managing your Red Hat subscriptions that goes beyond the existing Red Hat Network. This project was also particularly interesting and challenging since it involved a number of groups inside Red Hat I haven’t worked with before.

Speaking of Fedora, I hear they are on track for shipping Fedora 15 on May 24, 2011! I’ve enjoyed being obliviously unaware of the trials and travails of this release cycle while appreciating the very polished and stable Fedora 15 beta release. I wasn’t too sure I would like GNOME 3 after what I’d heard about the laptop power experience, but I do like it. I most miss the ability to see multiple time zones under the calendar and also find the calendar dim and hard to read at a glance.  For now they are minor inconveniences.

GNOME Power Management Goes Too Far

From Richard Hughes’ blog on February 2, 2011,

In GNOME 3.0, we’re defaulting to suspending the computer when the user shuts the lid, and not providing any preferences combobox to change this. This is what the UI designers for GNOME 3.0 want, and is probably a step in the right direction. We really can’t keep working around bugs in the kernel with extra UI controls.

This is going too far. I’ve never liked the suspend-on-close behavior, but I tolerate it on the MacBook because suspend always resumes.  Apple is in the unique position of fully controlling the software and a finite amount of hardware. GNOME and the Linux kernel are not.

How about the Dell XPS M1330 notebook I depend on heavily that does not reliably resume from suspend? This new feature does not improve my user experience.  It makes it worse.  I suspect it will be the same for others.

In a follow-up post by Alan Day,

The vast majority of people do not like lots of settings: they find them difficult to use, and it makes them think that GNOME isn’t intended for them. (We do want GNOME to have mass appeal, don’t we?!) ‘It’s just one setting!’, you might say, and that is a fair comment. The question is: when is one more setting a setting too far? Where do we draw the line?

I can see the complexities of doing design and variety of directions things can go. And yet, sometimes, isn’t the beauty of really good design, the ability to provide options and complexity in a simple way without removing functionality?

I’m not sure how GNOME gets mass appeal if, as in my situation, closing the laptop lid has the same result as pushing the power-off button without saving any work.  The mass-appeal crowd is not going to say “Oh look, I found a bug in the kernel,” and be fine with the results.

Image by marshponds via flickr used under a Creative Commons license.

Running Elluminate Live! on RHEL 6

I’m continuing to run RHEL 6 on my laptop and encountered a recent challenge getting a Java based collaboration tool called Elluminate Live! (now known as Blackboard Collaborate) to run on it.  The necessary package is installed by default in Fedora and it ran fine there so I never paid much attention.

This took way longer to figure out than I thought it should so here is the bottom line:  If you are using the version of Java that comes by default in RHEL 6.0 you need the java-1.6.0-openjdk-plugin package found in the “Optional” channel on RHN (or, in RHEL 6.1 and thereafter, icedtea-web).

If you’re running RHEL 6.0, java-1.6.0-openjdk-plugin is unavailable. I logged bug 678806.

[root@localhost ~]# yum install java-1.6.0-openjdk-plugin
Loaded plugins: refresh-packagekit, rhnplugin
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package java-1.6.0-openjdk-plugin.x86_64 1:1.6.0.0-1.21.b17.el6 set to be updated
--> Processing Dependency: java-1.6.0-openjdk = 1:1.6.0.0-1.21.b17.el6 for package: 1:java-1.6.0-openjdk-plugin-1.6.0.0-1.21.b17.el6.x86_64
--> Finished Dependency Resolution
Error: Package: 1:java-1.6.0-openjdk-plugin-1.6.0.0-1.21.b17.el6.x86_64 (rhel-x86_64-workstation-optional-6)
           Requires: java-1.6.0-openjdk = 1:1.6.0.0-1.21.b17.el6
           Installed: 1:java-1.6.0-openjdk-1.6.0.0-1.39.b17.el6_0.x86_64 (@rhel-x86_64-workstation-6)
               java-1.6.0-openjdk = 1:1.6.0.0-1.39.b17.el6_0
           Available: 1:java-1.6.0-openjdk-1.6.0.0-1.21.b17.el6.x86_64 (rhel-x86_64-workstation-6)
               java-1.6.0-openjdk = 1:1.6.0.0-1.21.b17.el6
           Available: 1:java-1.6.0-openjdk-1.6.0.0-1.31.b17.el6_0.x86_64 (rhel-x86_64-workstation-6)
               java-1.6.0-openjdk = 1:1.6.0.0-1.31.b17.el6_0
           Available: 1:java-1.6.0-openjdk-1.6.0.0-1.36.b17.el6_0.x86_64 (rhel-x86_64-workstation-6)
               java-1.6.0-openjdk = 1:1.6.0.0-1.36.b17.el6_0
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

Update: 2011-03-29.  It turns out the latest available openjdk package, which fixed some security issues, did not come with a matching new openjdk-plugin, which is the reason for the problem above.  If you are on RHEL 6.0 there is no current work-around except to try a different Java JDK like Sun or IBM–also available on RHN.

In the RHEL 6.1 Beta and thereafter things should install fine.

$ su -c 'yum install icedtea-web'

To get access to the public beta of RHEL6.1 enable the RHEL 6 beta channels for your system in RHN.

RHEL 6 EPEL

With less time to live on the edge in Fedora-land these days I went looking for less excitement by way of Red Hat Enterprise Linux 6 for my Dell XPS M1330 laptop.  I was motivated to take a step back from Fedora 14 by a couple of things.  The first was the ongoing unresolved kernel bug surrounding wake-ups.  The second was hoping for a more reliable suspend and resume experience which has become more annoying the more time I spend on a MacBook.  To its credit, on RHEL 6, suspend and resume works 99% of the time–hibernate and resume, closer to 30% of the time, or once or twice before a reboot is required.

I love the Dell XPS M1330 notebook as an extremely lightweight, powerful, and cost effective machine.  I’m less enamoured with its repair record in the 20 months I’ve had it: a new motherboard, DVD drive, battery, and two touch pads because the spring in the left mouse button keeps breaking.  Each time a technician comes to fix it they tell me this machine wasn’t made for the amount of travel I do, which if they knew, isn’t very much. Thankfully it has gold corporate support so it usually gets fixed within a day or two.

Oh yes, this post was about EPEL.  My appreciation and respect for all the people who make EPEL possible has increased tenfold!  Without many of the packages in EPEL, I wouldn’t be able to continue to work the way I did on Fedora.  Thank you EPEL people!  I get it now.

Here are the steps to get rolling with EPEL on RHEL 6–this assumes you have obtained RHEL 6 through normal channels and have a valid RHN subscription.

1) Install the RPM containing the repo definitions

$ su -c 'rpm -ivh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm'

2) Enable the Optional channel for your host by logging into RHN and enabling the Optional channel.  According to the EPEL wiki page this is required to resolve package dependencies.

3) Make sure EPEL and the Optional channel are enabled

$ yum repolist

Learn more about configuring EPEL at the Fedora wiki.

If you prefer to configure the EPEL repo by hand, follow these steps:

1)  As root, put the following in a separate file (with a name ending in .repo) in /etc/yum.repos.d:

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

2) Import the EPEL rpm key:

# rpm --import https://fedoraproject.org/static/0608B895.txt

3) Enable the Optional channel for your host by logging into RHN and enabling the Optional channel.  According to the EPEL wiki page this is required to resolve package dependencies.

4) Make sure EPEL and the Optional channel are enabled

$ yum repolist

Thanks to my ever-present technical support person, Paul Frields, for providing the file above way back when the RHEL 6 EPEL repo RPM was not available.

Fedora 12 USB Headset Volume Too Low

About a month ago I was out of town and went to make a phone call using Twinkle and my Logitech USB headset.  The volume was so faint I could barely hear the person on the other end.

A few weeks before it had worked just fine.  Somewhere in the usual torrent of Fedora updates something changed (regressed).  The fantastic Paul Frields solved the problem for me over the phone yesterday.

Somehow the ALSA volume setting for my USB headset changed to zero.  The steps to fix it are very similar to the problem I had on Fedora 11. Here are the steps to fix the current scenario:

1) Plug in USB headset

2) Run alsamixer from a command line

3) Hit <F6> to find and select the USB headset device

4) Use the up and down arrow keys to adjust the volume

I haven’t played around with this enough yet to notice, but according to Paul he has to manually reset the volume using alsamixer every time the USB headset is plugged in again.

Protecting Files and Directories With encfs

Sparks had an interesting post about Thunderbird email security. This reminded me of another technique I like which is to run Thunderbird and Firefox from an encrypted directory.  In addition to encrypting the data, Thunderbird and Firefox won’t start without the encrypted directory mounted.

Here is how to set it up on Fedora 12:

1) Install encfs

$ su -c 'yum install encfs'

2) Create an encrypted directory–all files copied here will be encrypted as long as you’ve run encfs and mounted the directory.  I’ve made the mistake before of copying a bunch of data to what I thought was the encrypted directory only to find out later it was an empty mountpoint.  As a result the files were not encrypted and encfs complained the next time I tried to mount the encrypted directory.

$ encfs ~/.cryptdir/ ~/cryptdir/

Answer the questions and accept the defaults. This same command mounts the encrypted directory in the future.

3) Make sure the encrypted directory is mounted

$ mount | grep encfs
encfs on /home/bozo/cryptdir type fuse.encfs (rw,nosuid,nodev,default_permissions,user=bozo)

4) Make sure Thunderbird and Firefox are closed and not running.  Close them or kill the processes if they are.

$ ps -ef | grep -E 'thunderbird|firefox'

5) Move Thunderbird and Firefox files to the encrypted directory

$ mv ~/.thunderbird  ~/cryptdir/thunderbird
$ mv ~/.mozilla ~/cryptdir/mozilla

6) Create symlinks (shortcuts to the directory in the encrypted folder)

$ ln -s ~/cryptdir/thunderbird ~/.thunderbird
$ ln -s ~/cryptdir/mozilla ~/.mozilla

7) Start up Thunderbird or Firefox and make sure they work

To manually un-mount the encrypted directory

$ fusermount -u ~/cryptdir

You may also want to consider putting other important files in the ~/cryptdir as well.
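
Added example, not from the original post: a guard against the empty-mountpoint mistake described in step 2, which refuses to move anything into ~/cryptdir unless `mount` reports an encfs filesystem there. It parses `mount` output in the format shown in step 3; the sample mount table is constructed, and `MOUNT_CMD` and `guarded_mv` are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example: only write into the encrypted directory when encfs is mounted.
# Reads `mount` output on stdin, in the format shown in step 3:
#   encfs on /home/bozo/cryptdir type fuse.encfs (rw,...)
# Limitation: mount points containing spaces are not handled.
is_encfs_mount() {
    dir=${1%/}                      # tolerate a trailing slash
    awk -v dir="$dir" '
        $2 == "on" && $3 == dir && $4 == "type" && $5 == "fuse.encfs" { found = 1 }
        END { exit !found }
    '
}

# Move SRC to CRYPTDIR/NAME, but only if CRYPTDIR is a live encfs mount.
# MOUNT_CMD is a hypothetical override so the check can run on sample text.
guarded_mv() {
    src=$1; crypt=${2%/}; name=$3
    if ${MOUNT_CMD:-mount} | is_encfs_mount "$crypt"; then
        mv "$src" "$crypt/$name"
    else
        echo "refusing: $crypt is not an encfs mount" >&2
        return 1
    fi
}

# Constructed sample mount table (not captured from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/sda2 on / type ext4 (rw)
encfs on /home/bozo/cryptdir type fuse.encfs (rw,nosuid,nodev,default_permissions,user=bozo)
tmpfs on /home/bozo/other type tmpfs (rw)
EOF
}

# Real use:  guarded_mv ~/.thunderbird ~/cryptdir thunderbird
sample_mounts | is_encfs_mount /home/bozo/cryptdir/ && echo "encfs is mounted"
```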

Gnome Desktop Full of Files & Directories

Have you ever had the Gnome desktop suddenly show every folder and file in your home directory? Have you ever nuked the ~/Desktop directory (intentionally or not) and wondered later why all of the files and folders in your home directory show up on the Desktop?

This has happened several times to me and I finally figured out what was causing it.  It turns out that the ~/Desktop directory is the important connection.  If you remove it, intentionally or otherwise, be prepared for everything in the first level of your home directory to show up on your desktop.  Recreating ~/Desktop does not fix it.

Compliments of the Ubuntu forums I found the solution:

1) Open ~/.config/user-dirs.dirs with a text editor

2) Make sure this line reads as follows: XDG_DESKTOP_DIR="$HOME/Desktop"

Maybe someone else has the solution to this problem: why are 95% of the solutions I find for Fedora in the Ubuntu forums and how can we fix that?

Fixing Networked Cloned Guests

I’ve been running very minimal server installs under KVM to experiment with different web services.  As a result I rely on /etc/init.d/network to handle networking.  After cloning a guest in virt-manager on Fedora 12, networking does not work on the cloned guest.  Here are the steps to get back in business:

1) Edit the file /etc/sysconfig/network-scripts/ifcfg-eth0 (or whatever your network adapter is) to reflect the new MAC address of the new virtual network card. The new MAC address can be found under the Information icon in virt-manager for the guest you are working with.

2) Delete the file /etc/udev/rules.d/70-persistent-net.rules

3) Reboot the guest

This is a known issue being tracked as bug 524269.  The cloning feature is great.  Someday I hope we have similar snap-shotting functionality like VMware Workstation and VirtualBox.

Thanks to Sven Lankes and Tom Horsley on the Fedora virtualization list for helping me out.

Is Collaboration Overrated?

This quote struck me from an interesting article called World Wide Mush by Jaron Lanier in the Wall Street Journal:

Here’s one problem with digital collectivism: We shouldn’t want the whole world to take on the quality of having been designed by a committee. When you have everyone collaborate on everything, you generate a dull, average outcome in all things. You don’t get innovation.

If you want to foster creativity and excellence, you have to introduce some boundaries. Teams need some privacy from one another to develop unique approaches to any kind of competition. Scientists need some time in private before publication to get their results in order. Making everything open all the time creates what I call a global mush.

There’s a dominant dogma in the online culture of the moment that collectives make the best stuff, but it hasn’t proven to be true. The most sophisticated, influential and lucrative examples of computer code–like the page-rank algorithms in the top search engines or Adobe’s Flash–always turn out to be the results of proprietary development. Indeed, the adored iPhone came out of what many regard as the most closed, tyrannically managed software-development shop on Earth.

To which I say, “What about the Linux kernel?”  Lanier raises some interesting points and includes some compelling examples, particularly the iPhone, but overall his article feels too “all or nothing”–that all mass collaborations in all settings always turn to mush.

There are a number of good aspects to the open model that Lanier has overlooked, particularly the number of hugely successful and widely used open source software programs–all of which by definition, are free.

Lanier’s criteria for the “best stuff” is confusing.  “Sophisticated and influential”–maybe, but “lucrative?” It seems odd to make monetary success part of the criteria when the whole point is making these programs freely available.

A “design by committee” approach for strategic leadership does turn to mush.  This is why I believe the leadership bodies of the Fedora Project, particularly the Fedora Board and Fedora Engineering Steering Committee (FESCo), have an obligation to lead and that all of Fedora cannot decide Fedora’s strategic direction together.  These leaders can and should solicit input and ideas from all of the Fedora Project.